Steep learning curve. Requires basic understanding of networking and TCP/IP. Not for laymen.

Bottom Line

Wireshark is a free tool that provides many of the same troubleshooting and analysis of more expensive packet sniffers.

The home screen of Wireshark has a banner citing it as "The World's Most Popular Network Protocol Analyzer." While I can't quantify that claim, there is no doubt that Wireshark is a widely used tool for troubleshooting network problems. I can tell you, it's not only free, it does so much more than most of the competition.

Similar Products

Wireshark is a network protocol analyzer more for small to mid-sized businesses than home users. Think of a protocol analyzer as a measuring device used to examine what's going on in a network. It's relatively easy to use with some practice and reading through the user's guide. It runs on Windows and the Mac and even comes in a portable version for running on USB keys (under Windows).

It's got a lot of the same functionality as other packet sniffers like SoftPerfect's Network Protocol Analyzer, which costs $99.00 for a single license. The popular NetStumbler is a free packet sniffer as well, but it's for Wi-Fi alone and, unlike Wireshark, only works on Windows.

Setup and Features
Wireshark works by capturing packets. It can identify erroneous packets so network admins can home in on problems like bottlenecks and maintain efficient network performance.

To capture packets using Wireshark, select the connection you want to see network information for; i.e. a wireless adapter on a laptop or an Ethernet adapter on a desktop.

You're not limited to capturing Wi-Fi or Ethernet packets, though. Depending on the operating system you're using, it's possible to capture in VLANs, Bluetooth, USB and other types of network traffic.

For novice Wireshark users, Expert Info is the feature to learn. It displays uncommon or notable network behavior. Each line of information is color-coded to signify the severity level: cyan indicates an unusual occurrence like an HTTP 404 error. Red means something more serious is going on, like malformed packets, which can be caused by something as innocent as a dying network card or something more malevolent like a Denial-of-Service attack.

As you get more accustomed to Wireshark you may want to specify exactly what type of traffic you want to see. For example, you may want to show only packets containing the TCP protocol. Wireshark has a simple yet powerful way to filter displays. To get you started, there are pre-built display filter expressions to view at wiki.wireshark.org.
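To make the two features just described concrete, here is an added example that is not code from the review or from the Wireshark project: a small Python model of display filtering and Expert Info severity, run over a constructed five-frame capture. The packet dicts, the two-rule Expert Info table and the filter grammar are assumptions for illustration; the grammar is a deliberately small subset of Wireshark's (protocol presence, `==`, `!=`, `!`, `&&`, `||`, parentheses, plus the `ip.addr` and `tcp.port` combined fields), and although the field names follow Wireshark's naming, the evaluator is not Wireshark's.

```python
"""Toy model of Wireshark display filters and Expert Info severity.

Added example written for this page; not code from Wireshark or from the
review's author.  Packets are constructed dicts keyed by Wireshark-style
field names, and the filter grammar is a small subset of Wireshark's.
"""
import re

# Constructed sample capture: five "frames" as flat field dicts.
SAMPLE_PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9",
     "tcp": True, "tcp.dstport": 80},
    {"frame.number": 2, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5",
     "tcp": True, "http": True, "http.response.code": 404},
    {"frame.number": 3, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9",
     "tcp": True, "_ws.malformed": True},
    {"frame.number": 4, "ip.src": "10.0.0.7", "ip.dst": "10.0.0.9",
     "udp": True, "dns": True},
    {"frame.number": 5, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5",
     "tcp": True, "http": True, "http.response.code": 200},
]

# Combined fields: ip.addr matches either endpoint, tcp.port either port.
ALIASES = {"ip.addr": ("ip.src", "ip.dst"),
           "tcp.port": ("tcp.srcport", "tcp.dstport")}

TOKEN = re.compile(r'\s*(\(|\)|&&|\|\||!=|==|!|"[^"]*"|[\w.]+)')


def tokenize(text):
    """Split a filter string into tokens; reject anything unrecognised."""
    text, tokens, pos = text.strip(), [], 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad filter near {text[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class Filter:
    """Recursive-descent parser that compiles a filter into a predicate."""

    def __init__(self, text):
        self.tokens, self.i = tokenize(text), 0
        self.pred = self._or()
        if self.i != len(self.tokens):
            raise ValueError(f"unexpected token {self.tokens[self.i]!r}")

    def __call__(self, packet):
        return self.pred(packet)

    def _peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def _take(self):
        if self.i >= len(self.tokens):
            raise ValueError("unexpected end of filter")
        self.i += 1
        return self.tokens[self.i - 1]

    def _or(self):  # expr := term (('||' | 'or') term)*
        left = self._and()
        while self._peek() in ("||", "or"):
            self._take()
            l, r = left, self._and()
            left = lambda p, l=l, r=r: l(p) or r(p)
        return left

    def _and(self):  # term := factor (('&&' | 'and') factor)*
        left = self._not()
        while self._peek() in ("&&", "and"):
            self._take()
            l, r = left, self._not()
            left = lambda p, l=l, r=r: l(p) and r(p)
        return left

    def _not(self):  # factor := '!' factor | '(' expr ')' | atom
        if self._peek() in ("!", "not"):
            self._take()
            inner = self._not()
            return lambda p: not inner(p)
        if self._peek() == "(":
            self._take()
            inner = self._or()
            if self._take() != ")":
                raise ValueError("missing ')'")
            return inner
        return self._atom()

    def _atom(self):  # atom := NAME [('==' | '!=') VALUE]
        fields = ALIASES.get(name := self._take(), (name,))
        if self._peek() not in ("==", "!="):
            # Bare name: true when the protocol or field is present at all.
            return lambda p: any(p.get(f) is not None for f in fields)
        op, raw = self._take(), self._take()
        value = raw[1:-1] if raw.startswith('"') else (int(raw) if raw.isdigit() else raw)
        if op == "==":
            return lambda p: any(p.get(f) == value for f in fields)
        # "!=": true only when the field is present and differs.
        return lambda p: any(p.get(f) is not None and p.get(f) != value for f in fields)


def apply_filter(packets, filter_text):
    """Frame numbers that pass a display filter, as the filter bar would show."""
    pred = Filter(filter_text)
    return [p["frame.number"] for p in packets if pred(p)]


# Expert Info rules in the order the review describes them: red for
# malformed packets, cyan for notable-but-benign events like an HTTP 404.
EXPERT_RULES = [("_ws.malformed", "Error", "red"),
                ("http.response.code == 404", "Note", "cyan")]


def expert_info(packets):
    """Map frame number -> (severity, colour) for frames matching a rule."""
    compiled = [(Filter(f), sev, colour) for f, sev, colour in EXPERT_RULES]
    findings = {}
    for p in packets:
        for pred, sev, colour in compiled:
            if p["frame.number"] not in findings and pred(p):
                findings[p["frame.number"]] = (sev, colour)
    return findings


if __name__ == "__main__":
    for expr in ("tcp", "http.response.code == 404", "tcp && !http",
                 "ip.addr == 10.0.0.7 || dns"):
        print(f"{expr:30} -> frames {apply_filter(SAMPLE_PACKETS, expr)}")
    for frame, (sev, colour) in sorted(expert_info(SAMPLE_PACKETS).items()):
        print(f"frame {frame}: {sev} ({colour})")
```

The `!=` semantics here (true only when the field is present and differs) is the choice a defender usually wants, since it keeps a filter like `http.response.code != 200` from matching every non-HTTP frame; real Wireshark has changed how it treats that operator across versions, so check the documentation for the version you run.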

Bottom Line
Packet capturing and analysis is a great way to understand what's going on under the hood of a network. Unfortunately, packet sniffing is also the way hackers find weaknesses in networks to exploit. That's why keeping one step ahead of (or at least on the same page as) the bad guys by using analysis tools like Wireshark gives you that much more of an edge in keeping your network secure as well as running at top efficiency.

About the Author

Samara Lynn has nearly twenty years experience in Information Technology; most recently as IT Director at a major New York City healthcare facility. She has a Bachelor's degree from Brooklyn College, several technology certifications, and she was a tech editor for the CRN Test Center.

Wireshark 1.2.6
